Apache httpd permissions

linux permissions httpd

I have created a directory

/xyz/www

With the following permissions:

-rw-r--r--. 1 myuser developers

I edited my http.conf:

DocumentRoot "/xyz/www/"
<Directory "/xyz/www/">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

I get 403 error: You don't have permission to access / on this server.

Looking in the logs:

(13)Permission denied: Can't open directory for index: /xyz/www/

I've tried recursively adding 777 permissions but still have the same issue.


What you have to do is copy the same security context /var/www/html has. To do this:

# ls -la --context /var/www/html
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t .
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t ..
-rw-r--r-- root root user_u:object_r:httpd_sys_content_t index.html

Then you have to set it to your desire DocumentRoot as follows:

# chcon -R system_u:object_r:httpd_sys_content_t /xyz/www

Is your target directory NTFS or ext3 ? Please check SELinux context of target directory using

ls -a --context /target/directory

If the context of target directory is alike

system_u:object_r:fusefs_t:s0

using

setsebool -P httpd_use_fusefs on

might work for you as it could be just a boolean issue for the filesystem. Please do confirm the security aspects of Booleans as I'm unaware of them.

SELinux Booleans


Directories normally require the x permission for processes to access files within them. With the permissions you currently have, you would be able to ls the directory but not cd into it. Since the directory is owned by you, Apache will be running with the permissions of the third column.

Try chmod +x /xyz/www.

If you still have problems, check the permissions on /xyz/ as well.


I had the same problem - the chcon command fixed it.

I was creating an install server and wanted my images under /export/install/<image> with a symlink in the doc root. I was certain my httpd.conf settings were correct.

The directories & files were 755 & 644 respectively, and the apache user could traverse the tree so what was it?

I used a similar command to the one above but used the reference option:

% chcon -R --reference=/var/www/html /export

Could have just shut off selinux but I want to learn how to live with it.

Related

How do I convince management to approve IPv6 deployment?
I have a Cisco Catalyst 2940 and want to connect to it via the network. How to find its IP address?
Wireless health risks: any proof of it being a threat? Do you take it into account?
Real experience of being hacked on linux?
Making Active Directory changes atomic
Fewer big servers or more smaller ones?
Is Ubuntu a viable replacement of Windows XP for small enterprise environments?
100mb/s upgrade to 1gbps network - To Prevent DDOS [duplicate]
setup lowcost image storage server with 24x SSD array to get high IOPS?
Why is ping to Google servers and Google DNS so low?
Possible to get cleartext password?
How to analyse logs after the site was hacked